[SCM] KDE Base Workspace module packaging branch, kde4.11, updated. debian/4.11.2-3-4-g7031074
Lisandro Damián Nicanor Pérez
lisandro at alioth.debian.org
Fri Nov 1 21:30:58 UTC 2013
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-sc/kde-workspace.git;a=commitdiff;h=7031074
The following commit has been merged in the kde4.11 branch:
commit 703107436d613dfaf89b068689b1e2fd4cb1acc0
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date: Fri Nov 1 18:30:34 2013 -0300
Also add the SELinux pam stuff to kdm-np.
---
debian/kdm-np.pam | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/debian/kdm-np.pam b/debian/kdm-np.pam
index a13232b..c4c6c81 100644
--- a/debian/kdm-np.pam
+++ b/debian/kdm-np.pam
@@ -4,8 +4,17 @@
auth required pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_limits.so
+session required pam_loginuid.so
+ at include common-session
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common-account
@include common-password
- at include common-session
auth required pam_permit.so
--
KDE Base Workspace module packaging
More information about the pkg-kde-commits
mailing list